예제 #1
 def run(self, paths):
     """Fetch the VirusTotal report for ``paths`` and wrap it in a PluginResult.

     The report itself comes from ``self.get_file_report`` (defined outside
     this block); here the call is timed and the answer is mapped onto
     ``VirusTotalResult`` status values. Error text copied into
     ``results.error`` comes from the remote service's answer, or from the
     fixed messages below.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         report = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started

         failed = 'error' in report
         if failed:
             results.status = self.VirusTotalResult.ERROR
             results.error = str(report['error'])
         else:
             code = report['response_code']
             if code == 204:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Public API request rate limit exceeded"
             elif code == 403:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Access forbidden (wrong key value or type)"
             elif code == 200 and report['results']['response_code'] != 1:
                 # HTTP 200 whose inner response_code is not 1 is mapped to
                 # NOT_FOUND; every other answer counts as FOUND.
                 results.status = self.VirusTotalResult.NOT_FOUND
             else:
                 results.status = self.VirusTotalResult.FOUND
         # The raw report is kept unless the service reported an error.
         results.results = None if failed else report
     except Exception as e:
         # NOTE: the exception text lands in results.results here, while the
         # branches above put error text in results.error.
         results.status = self.VirusTotalResult.ERROR
         results.results = str(e)
     return results
예제 #2
파일: plugin.py 프로젝트: quarkslab/irma
 def run(self, paths):
     """Query VirusTotal for ``paths`` and return the outcome as a PluginResult.

     ``self.get_file_report`` (outside this block) does the actual request;
     this method times it and translates the answer into a
     ``VirusTotalResult`` status plus ``error``/``results`` fields.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     # Fixed messages for the two HTTP codes the plugin treats as errors.
     known_failures = {
         204: "Public API request rate limit exceeded",
         403: "Access forbidden (wrong key value or type)",
     }
     try:
         started = timestamp(datetime.utcnow())
         report = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started

         if 'error' in report:
             # Error text is taken verbatim from the service's answer.
             results.status = self.VirusTotalResult.ERROR
             results.error = str(report['error'])
             results.results = None
         else:
             code = report['response_code']
             if code in known_failures:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = known_failures[code]
             elif code == 200 and report['results']['response_code'] != 1:
                 results.status = self.VirusTotalResult.NOT_FOUND
             else:
                 results.status = self.VirusTotalResult.FOUND
             results.results = report
     except Exception as e:
         # NOTE: unlike the branches above, the exception text is stored in
         # results.results rather than results.error.
         results.status = self.VirusTotalResult.ERROR
         results.results = str(e)
     return results
예제 #3
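 def run(self, paths):
     """Run the Yara plugin on ``paths`` and return a PluginResult.

     ``self.get_file_report`` (outside this block) returns a
     ``(error_raised, response)`` pair: on error ``response`` is the error
     text, otherwise it is the iterable of matches. The status is
     ERROR / NOT_FOUND / FOUND accordingly, and ``results`` is
     ``{'Matches': [str(match), ...]}`` whenever no error was raised
     (an empty list when nothing matched), or None on error.

     Cleanup versus the previous version: the unused ``match_string``
     accumulator and the commented-out alternative were dropped, and
     ``len()`` replaces the explicit ``__len__()`` call; behaviour is
     unchanged.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         (error_raised, response) = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started

         if error_raised:
             results.status = self.YaraResult.ERROR
             results.error = response
         elif len(response) == 0:
             results.status = self.YaraResult.NOT_FOUND
         else:
             results.status = self.YaraResult.FOUND

         results.results = None
         if not error_raised:
             matches = []
             if results.status is self.YaraResult.FOUND:
                 matches = [str(match) for match in response]
             results.results = {'Matches': matches}
     except Exception as e:
         # NOTE: the exception text goes into results.results, whereas the
         # error_raised branch above uses results.error.
         results.status = self.YaraResult.ERROR
         results.results = str(e)
     return results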
예제 #4
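 def run(self, paths):
     """Dummy plugin: hash the file at ``paths`` and report the digest.

     Returns a PluginResult whose ``results`` is the value of
     ``sha256sum`` (defined outside this block) over the opened file and
     whose ``status`` is ``DummyResult.SUCCESS``; any exception is
     reported as ``DummyResult.ERROR`` with ``"<ExcName> : <text>"`` in
     ``results``.

     Fix versus the previous version: the file handle was opened inline and
     never closed; it is now released by a ``with`` block.
     """
     response = PluginResult(name=type(self).plugin_display_name,
                             type=type(self).plugin_category,
                             version=None)
     try:
         started = timestamp(datetime.utcnow())
         with open(paths, 'rb') as fd:
             response.results = sha256sum(fd)
         stopped = timestamp(datetime.utcnow())
         response.duration = stopped - started
         response.status = self.DummyResult.SUCCESS
     except Exception as e:
         response.status = self.DummyResult.ERROR
         response.results = type(e).__name__ + " : " + str(e)
     return response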
예제 #5
파일: plugin.py 프로젝트: quarkslab/irma
 def run(self, paths):
     """Skeleton plugin entry point: time a placeholder analysis and report it.

     Returns a PluginResult whose ``results`` holds the placeholder string
     (or the exception text on failure) and whose ``status`` is a
     ``SkeletonResult`` value.
     """
     report = PluginResult(name=type(self).plugin_display_name,
                           type=type(self).plugin_category,
                           version=None)
     try:
         begin = timestamp(datetime.utcnow())
         # Placeholder standing in for the real analysis call.
         outcome = "Main analysis call here"
         end = timestamp(datetime.utcnow())
         report.results = outcome
         report.duration = end - begin
         report.status = self.SkeletonResult.SUCCESS
     except Exception as e:
         report.status = self.SkeletonResult.ERROR
         report.results = str(e)
     return report
예제 #6
 def run(self, paths):
     """Skeleton plugin: build a PluginResult around a placeholder analysis.

     ``paths`` is accepted but not used by the placeholder. On success
     ``results`` is the placeholder string and ``status`` is
     ``SkeletonResult.SUCCESS``; on any exception ``status`` is
     ``SkeletonResult.ERROR`` and ``results`` holds the exception text.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         t_start = timestamp(datetime.utcnow())
         outcome.results = "Main analysis call here"
         t_stop = timestamp(datetime.utcnow())
         outcome.status = self.SkeletonResult.SUCCESS
         outcome.duration = t_stop - t_start
     except Exception as e:
         outcome.results = str(e)
         outcome.status = self.SkeletonResult.ERROR
     return outcome
예제 #7
 def run(self, paths):
     """Look up the file at ``paths`` in the NSRL by SHA-1 and report it.

     The digest (``sha1sum``, defined outside this block) is upper-cased
     before ``self.module.lookup_by_sha1``. A dict answer missing any of
     MfgCode / OpSystemCode / ProductCode / SHA-1 is reported as NOT_FOUND
     with ``results`` set to None; every other answer is reported as FOUND
     and stored as-is. NOTE(review): a non-dict answer (e.g. None) is thus
     also FOUND — confirm against lookup_by_sha1's contract.
     """
     results = PluginResult(name=type(self).display_name,
                            type=type(self).plugin_category,
                            version=None)
     required_fields = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
     try:
         started = timestamp(datetime.utcnow())
         digest = sha1sum(paths).upper()
         record = self.module.lookup_by_sha1(digest)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started

         is_complete = (not isinstance(record, dict)
                        or all(record.get(field) for field in required_fields))
         if is_complete:
             results.status = self.NSRLPluginResult.FOUND
         else:
             results.status = self.NSRLPluginResult.NOT_FOUND
             record = None
         results.results = record
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results
예제 #8
파일: interface.py 프로젝트: quarkslab/irma
    def run(self, paths):
        """Scan one file with the wrapped antivirus module.

        Args:
            paths: path of the file to scan. A tuple/list/set is rejected
                with NotImplementedError; a single path per call only.

        Returns:
            PluginResult with ``status`` taken from ``self.module.scan``,
            the module's entry in ``scan_results`` stored in ``error``
            (negative status) or ``results`` (otherwise), plus ``database``
            and ``virus_database_version`` metadata. Any exception is
            reported as status -1 with its text in ``error``.
        """
        assert self.module
        if isinstance(paths, (tuple, list, set)):
            raise NotImplementedError(
                "Scanning of multiple paths at once is not supported for now")
        fpath = Path(paths)

        results = PluginResult(name=type(self).plugin_display_name,
                               type=type(self).plugin_category,
                               version=self.module.version)
        try:
            results.database = None
            if self.module.database:
                metadata = {}
                for db_file in self.module.database:
                    metadata[str(db_file)] = self.file_metadata(db_file)
                results.database = metadata

            started = timestamp(datetime.utcnow())
            results.status = self.module.scan(fpath)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started

            # scan_results is indexed with the Path object here, not its str.
            scan_output = self.module.scan_results[fpath]
            if results.status >= 0:
                results.results = scan_output
            else:
                # Negative status: the module's output is the error text.
                results.error = scan_output

            results.virus_database_version = self.module.virus_database_version
        except Exception as e:
            results.status = -1
            results.error = str(e)
        return results
예제 #9
파일: plugin.py 프로젝트: quarkslab/irma
 def run(self, paths):
     """Submit ``paths`` to the ICAP server and report the verdict.

     ``self.query_server`` (outside this block) issues the request; a None
     answer is mapped to ``ICAPResult.CLEAN`` with a fixed message, any
     other answer to ``ICAPResult.INFECTED`` with the raw answer stored in
     ``results``. Exceptions become ``ICAPResult.ERROR`` with the text in
     ``error``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         verdict = self.query_server(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if verdict is not None:
             results.status = self.ICAPResult.INFECTED
             results.results = verdict
         else:
             results.status = self.ICAPResult.CLEAN
             results.results = 'No threat found'
     except Exception as e:
         results.status = self.ICAPResult.ERROR
         results.error = str(e)
     return results
예제 #10
파일: plugin.py 프로젝트: yehias/irma
 def run(self, paths):
     """Query the ICAP server for ``paths`` and wrap the answer in a PluginResult.

     None from ``self.query_server`` means CLEAN (fixed message in
     ``results``); anything else is INFECTED with the answer itself in
     ``results``. An exception yields ERROR and ``"<ExcName> : <text>"`` in
     ``error``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         answer = self.query_server(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         infected = answer is not None
         results.status = (self.ICAPResult.INFECTED if infected
                           else self.ICAPResult.CLEAN)
         results.results = answer if infected else 'No threat found'
     except Exception as e:
         results.status = self.ICAPResult.ERROR
         results.error = " : ".join((type(e).__name__, str(e)))
     return results
예제 #11
    def run(self, paths):
        """Run the LIEF analysis on ``paths`` and wrap it in a PluginResult.

        A falsy answer from ``self.analyze`` is reported as FAILURE with the
        literal "ERROR" in ``results``; a truthy one as SUCCESS with the
        answer itself. The reported version is ``self.lief_version``.
        """
        results = PluginResult(name=type(self).plugin_name,
                               type=type(self).plugin_category,
                               version=self.lief_version)
        try:
            started = timestamp(datetime.utcnow())
            analysis = self.analyze(filename=paths)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started
            if analysis:
                results.status = self.LiefAnalyzerResult.SUCCESS
                results.results = analysis
            else:
                results.status = self.LiefAnalyzerResult.FAILURE
                results.results = "ERROR"
        except Exception as e:
            # Exception text is stored in results.results, not results.error.
            results.status = self.LiefAnalyzerResult.ERROR
            results.results = str(e)
        return results
예제 #12
파일: plugin.py 프로젝트: yehias/irma
 def run(self, paths):
     """Run the static analyzer on ``paths`` and report a PluginResult.

     ``self.analyze`` (outside this block) returning a falsy value is
     reported as FAILURE with "Not a PE file" in ``results``; a truthy value
     is SUCCESS with that value in ``results``. Exceptions give ERROR with
     ``"<ExcName> : <text>"`` in ``error``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         analysis = self.analyze(filename=paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if analysis:
             results.status = self.StaticAnalyzerResults.SUCCESS
             results.results = analysis
         else:
             results.status = self.StaticAnalyzerResults.FAILURE
             results.results = "Not a PE file"
     except Exception as e:
         results.status = self.StaticAnalyzerResults.ERROR
         results.error = " : ".join((type(e).__name__, str(e)))
     return results
예제 #13
파일: plugin.py 프로젝트: quarkslab/irma
 def run(self, paths):
     """Static-analysis entry point: analyze ``paths`` into a PluginResult.

     Falsy output of ``self.analyze`` maps to FAILURE / "Not a PE file",
     truthy output to SUCCESS with the output in ``results``; an exception
     maps to ERROR with its text in ``error``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         report = self.analyze(filename=paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if not report:
             results.status = self.StaticAnalyzerResults.FAILURE
             results.results = "Not a PE file"
             return results
         results.status = self.StaticAnalyzerResults.SUCCESS
         results.results = report
     except Exception as e:
         results.status = self.StaticAnalyzerResults.ERROR
         results.error = str(e)
     return results
예제 #14
파일: plugin.py 프로젝트: quarkslab/irma
    def run(self, paths):
        """LIEF analyzer entry point: analyze ``paths`` into a PluginResult.

        ``status``/``results`` are (SUCCESS, answer) when ``self.analyze``
        returns a truthy answer, (FAILURE, "ERROR") otherwise, and
        (ERROR, exception text) when the analysis raises.
        """
        results = PluginResult(name=type(self).plugin_name,
                               type=type(self).plugin_category,
                               version=self.lief_version)
        try:
            started = timestamp(datetime.utcnow())
            answer = self.analyze(filename=paths)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started
            if answer:
                outcome = (self.LiefAnalyzerResult.SUCCESS, answer)
            else:
                outcome = (self.LiefAnalyzerResult.FAILURE, "ERROR")
            results.status, results.results = outcome
        except Exception as e:
            # Exception text is stored in results.results, not results.error.
            results.status = self.LiefAnalyzerResult.ERROR
            results.results = str(e)
        return results
예제 #15
파일: plugin.py 프로젝트: quarkslab/irma
 def run(self, paths):
     """Run PEiD on ``paths`` and return a PluginResult.

     ``self.analyze`` (outside this block) returns a ``(status, response)``
     pair that is copied verbatim into ``results.status`` and
     ``results.results``; an exception is reported as ``PEiDResult.ERROR``
     with its text in ``error``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         status, response = self.analyze(paths)
         stopped = timestamp(datetime.utcnow())
         results.status = status
         results.results = response
         results.duration = stopped - started
     except Exception as e:
         results.status = self.PEiDResult.ERROR
         results.error = str(e)
     return results
예제 #16
 def run(self, paths):
     """PEiD plugin entry point.

     The ``(status, response)`` pair returned by ``self.analyze`` becomes
     ``results.status`` / ``results.results``. On exception the status is
     ``PEiDResult.ERROR`` and ``error`` holds ``"<ExcName> : <text>"``.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         began = timestamp(datetime.utcnow())
         outcome = self.analyze(paths)
         ended = timestamp(datetime.utcnow())
         results.duration = ended - began
         results.status, results.results = outcome
     except Exception as e:
         results.status = self.PEiDResult.ERROR
         results.error = " : ".join((type(e).__name__, str(e)))
     return results
예제 #17
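 def run(self, paths):
     """Extract the archive at ``paths`` into a fresh temp dir and report it.

     On success ``results.output_files`` is
     ``{'output_dir': <tempdir>, 'file_list': <self.unarchive output>}``,
     ``status`` is ``UnarchiveResult.OK`` and ``results`` is None. On any
     exception ``status`` is ``UnarchiveResult.ERROR`` and ``error`` is
     ``"Maybe a zip bomb : <text>"``.

     Fix versus the previous version: when ``self.unarchive`` raised, the
     temp dir (possibly holding a partial extraction) was never referenced
     by the returned result and so could not be cleaned up by the caller;
     it is now removed on the error path.
     """
     import shutil

     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     output_dir = None
     try:
         started = timestamp(datetime.utcnow())
         output_dir = tempfile.mkdtemp()
         file_list = self.unarchive(paths, output_dir)
         results.output_files = {
             'output_dir': output_dir,
             'file_list': file_list,
         }
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         results.status = self.UnarchiveResult.OK
         results.results = None
     except Exception as e:
         results.status = self.UnarchiveResult.ERROR
         results.error = "Maybe a zip bomb : " + str(e)
         # The error result carries no output_dir, so nothing else can
         # reclaim the directory; best-effort removal here.
         if output_dir is not None:
             shutil.rmtree(output_dir, ignore_errors=True)
     return results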
예제 #18
    def run(self, paths):
        """Scan a single file with the wrapped antivirus module.

        Args:
            paths: path of the file to scan; tuple/list/set input raises
                NotImplementedError.

        Returns:
            PluginResult whose ``status`` is the value of
            ``self.module.scan``; the matching ``scan_results`` entry goes to
            ``error`` when that status is negative and to ``results``
            otherwise. ``database`` and ``virus_database_version`` metadata
            are attached. Exceptions are reported as status -1 with the
            exception text in ``error``.
        """
        assert self.module
        if isinstance(paths, (tuple, list, set)):
            raise NotImplementedError(
                "Scanning of multiple paths at once is not supported for now")
        fpath = Path(paths)

        results = PluginResult(name=type(self).plugin_display_name,
                               type=type(self).plugin_category,
                               version=self.module.version)
        try:
            results.database = None
            if self.module.database:
                metadata = {}
                for db_file in self.module.database:
                    metadata[str(db_file)] = self.file_metadata(db_file)
                results.database = metadata

            # The module is driven with the string form of the path, and
            # scan_results is indexed with that same string.
            fpath = str(fpath)
            started = timestamp(datetime.utcnow())
            results.status = self.module.scan(fpath)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started

            scan_output = self.module.scan_results[fpath]
            if results.status >= 0:
                results.results = scan_output
            else:
                results.error = scan_output

            results.virus_database_version = self.module.virus_database_version
        except Exception as e:
            results.status = -1
            results.error = str(e)
        return results